Reading: Dash Core Senior Advisor Disappears with Investor Funds

Ethereum

Ethereum Vulnerability Could Have Allowed Attackers to Drain Hot Wallets

Avatar

Georgi Georgiev | Nov 26, 2018 | 18:00

Ethereum

Ethereum Vulnerability Could Have Allowed Attackers to Drain Hot Wallets

Avatar

Georgi Georgiev | Nov 26, 2018 | 18:00

Send
Share

A recent vulnerability in the Ethereum network could have reportedly allowed hackers to gain massive profits from cryptocurrency exchanges which haven’t set up a Gas usage limit.

A Critical Vulnerability

A group of researchers discovered a vulnerability in Ethereum which allowed attackers to drain exchanges by burning their ETH on high transaction costs or to benefit directly by minting GasToken.

The report details that exchanges which allow parties to withdraw ETH to arbitrary addresses without setting gas usage limit could have been exposed to increased transaction fees. According to the paper, there are two different options of exploiting this vulnerability.

The first option would allow the hacker to drain the unprotected exchange by making it pay for large amounts of transaction fees. The second option would allow the attacker to mint GasToken for substantial profits by simply imposing a small amount of GasToken as a tax for “naïve users.”

Issues Purportedly Patched

Reportedly, the vulnerability only affected exchanges which initiate Ethereum transactions and not such which process them. Furthermore, the report confirms that decentralized exchanges, as well as other venues operating on smart contract transactions initiated by users, remained unaffected. The report also outlined that EVM-based blockchains and Ethereum Classic may also be affected.

According to the official Medium publication, the researchers have already connected to a bulk of the affected exchanges which have supposedly patched the vulnerability.

Additionally, the researchers have given recommendations for exchanges to implement gas limits on all transactions.

Implement reasonable gas limits on all transactions. If any expensive transactions are made, ensure that the user bears the cost. Fees for a given withdrawal should always cover the gas needed. – reads the report.

What do you think of the recently discovered vulnerability and the lack of protection in certain exchanges? Don’t hesitate to let us know in the comments below!

Images courtesy Bitcoinist archives, Shutterstock.

BitStarz Player Lands $2,459,124 Record Win! Could you be next big winner?

Tags: , , , , ,
Send
Share
Show comments
is bitcoin overvalued
Ethereum

Is Bitcoin Still Over Valued Despite a 50% Correction?

Bitcoin has turned bearish again this week following an 18% climb the previous week. Market sentiment is generally negative and analysts are eyeing further losses and a return to the...

Martin Young | 2 days ago
ethereum researcher arrested
Ethereum

Ethereum Researcher Arrested by FBI but ETH Price Unfazed

Ethereum Foundation member Virgil Griffith was arrested on Thursday for traveling to North Korea to hold presentations regarding crypto and blockchain technologies and their use for...

Ali | 6 days ago
nouriel roubini ethereum
Ethereum

Nouriel Roubini Joins the Anti-Ethereum Brigade

Nouriel Roubini, “Dr. Doom”, once again lashed out against the perceived lack of value of crypto assets. This time, he selected Ethereum (ETH) specifically. ETH Has No Intrinsic...

Christine Vasileva | 7 days ago